Home > News > UVA Student, Hackers Crack Credit Card Security Code

UVA Student, Hackers Crack Credit Card Security Code

March 2, 2008

CHARLOTTESVILLE, Va. (AP) -- An encryption code used to protect billions of credit cards, subway passes and security badges is safe no more.

A University of Virginia graduate student and two fellow hackers say they have cracked the code used for tiny chips found inside many "smartcards" with readily available equipment that cost less than $1,000.

Twenty-six-year-old Karsten Nohl and his two German partners dismantled the chip and mapped out its secret security algorithm. They ran the formula through a computer program and broke the encryption after a few hours.

"I don't want to help attackers, but I want to inform people about the vulnerabilities of these cards," said Nohl, a Ph.D. candidate in computer engineering at U.Va. who is originally from Germany.

The wireless chips found inside credit cards, car keys, security keycards and subway passes use technology known as radio-frequency identification. Cracking the code would allow a criminal to clone credit cards, get free subway rides, gain access to buildings or steal cars.

Nohl and his colleagues announced their findings at the Chaos Communications Congress in Berlin, an annual worldwide convention of hackers.

While they are not releasing the details of how they beat the chip's security code, Nohl said if they could defeat the code, it is possible that criminals might also have done so.

The chip Nohl breached is manufactured by NXP Semiconductors, a Netherlands company formerly affiliated with the electronics firm Philips.

Manuel Albers, director of regional marketing for North and South America for NXP, disputed the claim, saying Nohl and his partners obtained only a portion of the cryptographic algorithm.

The company has been in contact with Nohl and his team and is reviewing their findings.

"We constantly improve and review our products to make sure it's up to snuff with the latest security threats," Albers said.

Projects such as hacking the security code is the "evil twin" of Nohl's regular research, he said, which focuses on the development of cryptographic algorithms for computer security.

Exposing security flaws through hacking helps ensure that future products are more secure, said Nohl's faculty adviser, David Evans, an associate professor in U.Va.'s School of Engineering and Applied Science.

Original Article | Local Copy


More news about Karsten Nohl


More news about David E Evans


Return To List